Behavioral task
behavioral1
Sample
64cf760478ae702e8157d46821cfdb8fad6ac6bf640b511ca736d7315db70632.exe
Resource
win7-20231020-en
General
Target: 73bf50ef38ecadff4e120a31ad00c747.bin
Size: 1.9MB
MD5: ad0d2ffc0a6bcbbaa5da4ba5a752d7bf
SHA1: a89cf1484f74ad4c5d878bfac0f99e15a0fe35ea
SHA256: e3ee68efbbbe10d9298928a83a5bb7a5e65751b043640b1c02c138537367cdad
SHA512: 0be520fd5c3a7bde69c9dc1da3b0936ee810e1e12887c7a7e64ed9618b5b97c17c8604c0e63709b81b6c65e2ad0fbc4dd0279eac223bd56a3c01ac00eb6a6e17
SSDEEP: 49152:+7ZO2tGQvZKXFqX9AtdaaWtnkIuiSA793yDFK:2ZO2tGimqN6dVWdkw3V
Malware Config
Signatures
Detect ZGRat V1 (1 IoC)
resource yara_rule static1/unpack001/64cf760478ae702e8157d46821cfdb8fad6ac6bf640b511ca736d7315db70632.exe family_zgrat_v1
Zgrat family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/64cf760478ae702e8157d46821cfdb8fad6ac6bf640b511ca736d7315db70632.exe
Files
73bf50ef38ecadff4e120a31ad00c747.bin.zip
Password: infected
64cf760478ae702e8157d46821cfdb8fad6ac6bf640b511ca736d7315db70632.exe.exe windows:4 windows x64 arch:x64
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 97KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ